TWI759138B - Threshold signature scheme system based on inputting password and method thereof - Google Patents


Info

Publication number: TWI759138B
Authority: TW (Taiwan)
Prior art keywords: value, host, server, client, password
Application number: TW110109070A
Other languages: Chinese (zh)
Other versions: TW202239173A (en)
Inventors: 莊治耘, 林祐德, 陳致豪, 林子圻
Original assignee: 英屬開曼群島商現代財富控股有限公司
Application filed by 英屬開曼群島商現代財富控股有限公司
Priority to TW110109070A
Application granted
Publication of TWI759138B
Publication of TW202239173A

Abstract

A threshold signature scheme system based on an input password, and a method thereof, are disclosed. A fair host assigns an X coordinate and a level value to a client and a server. After a password is set on the client, the client and the server perform a distributed key generation (DKG) function based on secure multi-party computation (MPC) to generate a plurality of shares corresponding to the password, derived from the password, the X coordinate and the level value, and one of the shares is stored on the server. When the threshold signature scheme (TSS) is executed, the password only has to be entered on the client to regenerate the share corresponding to the password on the client, and the TSS is executed together with the share held by the server. This mechanism helps improve the transaction security and management convenience of blockchain wallets.

Description

Threshold signature system and method based on an input password

The invention relates to a signature system and method, and in particular to a threshold signature system and method based on an input password.

In recent years, with the spread and rapid development of blockchain, improvements to blockchain technology have sprung up everywhere. Among them, the security of blockchain wallets has attracted the most attention.

Generally speaking, blockchain-based digital currencies are traded and signed through a blockchain wallet. A traditional blockchain wallet stores at least one key pair (a public key and a private key) so that, at transaction time, the private key can be used to sign the transaction, proving that the signer is the legitimate owner of the digital currency and allowing the transaction to be executed. In an era when the value of these digital currencies keeps rising, ensuring the security of the blockchain wallet is therefore especially important. The traditional approach of storing the complete key pair directly in the blockchain wallet is insufficiently secure, because the key pair is easily stolen or leaked.

In view of this, some vendors have proposed splitting the private key with a secret sharing algorithm and storing the pieces separately: the private key is split into multiple shares (Share), and once the number of shares reaches the threshold, a signature in the required signature format is produced directly from those shares by mathematical computation, without ever reassembling the private key, which reduces the risk of the private key leaking. However, this approach suffers from inconvenient management and poor security. For example, when it is run from a web application, the share is usually stored in a cookie, whose security is extremely low. In addition, when the device carrying the blockchain wallet (a computer, a smartphone, and so on) is lost, the share may be extracted by brute force; although losing a single share is not by itself enough to produce a signature, the risk still exists. Moreover, when a private-key share is transmitted from outside to the host protected only by HTTPS encryption, phishing or various other network attacks are likely to expose it. On the other hand, physically holding a share is a management burden: to be able to transact at any time it must be carried around, which in turn increases the probability of loss or leakage. Therefore this approach still fails to effectively solve the problems of insufficient transaction security and management convenience of blockchain wallets.

In summary, the prior art has long suffered from insufficient transaction security and management convenience of blockchain wallets, so improved technical means are needed to solve this problem.

The present invention discloses a threshold signature system and method based on an input password.

First, the present invention discloses a threshold signature system based on an input password, applied in a blockchain network comprising a plurality of nodes, which includes a fair host, a client host and a server host. The fair host, as one of the nodes, assigns different X coordinates and level values to the nodes in advance. The client host, as one of the nodes, receives the X coordinate and level value assigned by the fair host and comprises a first generation module, a second generation module and a first computation module. The first generation module allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate a P value, and transmits the P value. The second generation module, connected to the first generation module, receives a V value and feeds the password, the P value and the product of the inverse of the b value and the V value into the second hash function; the resulting integer is the password share held by the client host and corresponding to the password. The first computation module, connected to the second generation module, executes a distributed key generation function based on secure multi-party computation (MPC), feeding the t value and n value of the threshold signature and the level value of the client host into the distributed key generation function to generate the client share of the client host and the corresponding threshold signature public key, where the client share equals the password share. Next, the server host, as one of the nodes, receives the X coordinate and level value assigned by the fair host and comprises a key module, a second computation module and a storage module. After receiving the P value, the key module generates an asymmetric private key and its corresponding public key, chooses a k value at random, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host. The second computation module executes the distributed key generation function based on secure multi-party computation, feeding the t value and n value of the threshold signature and the level value of the server host into the distributed key generation function to generate the server share of the server host, corresponding to the threshold signature public key. The storage module, connected to the key module and the second computation module, stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host. When the client host and the server host execute the threshold signature, the client host prompts for the password and chooses a new b value at random, multiplies the value obtained by feeding the entered password into the first hash function by the newly chosen b value to regenerate the P value, and transmits the regenerated P value to the server host; the server host recalculates the V value and transmits it to the client host; the client host then feeds the password, the regenerated P value and the product of the inverse of the newly chosen b value and the recalculated V value into the second hash function to regenerate the client share of the client host; and the threshold signature is then executed on the transaction hash message using the client share regenerated by the client host and the server share stored by the server host.

In addition, the present invention also discloses a threshold signature method based on an input password, applied in a blockchain network comprising a plurality of nodes, whose steps include: providing a fair host, a client host and a server host as nodes of the blockchain network, where the client host and the server host are each assigned a corresponding X coordinate and level value in advance by the fair host; the client host allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate a P value, and transmits the P value to the server host; after receiving the P value, the server host generates an asymmetric private key and its corresponding public key, chooses a k value at random, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host; after receiving the V value, the client host feeds the password, the P value and the product of the inverse of the b value and the V value into the second hash function, and the resulting integer is the password share held by the client host and corresponding to the password; the client host and the server host execute a distributed key generation function with secure multi-party computation, feeding the t value and n value of the threshold signature and their respective level values into the distributed key generation function to generate the client share of the client host and the server share of the server host, where the client share equals the password share, and to generate the threshold signature public key corresponding to the client share and the server share; the server host stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host; and, when the threshold signature is executed, the client host prompts for the password and chooses a new b value at random, multiplies the value obtained by feeding the entered password into the first hash function by the newly chosen b value to regenerate the P value, and transmits the regenerated P value to the server host, so that the server host recalculates the V value and transmits it to the client host, whereupon the client host feeds the password, the regenerated P value and the product of the inverse of the newly chosen b value and the recalculated V value into the second hash function to regenerate the client share of the client host, and the threshold signature is then executed on the transaction hash message using the client share regenerated by the client host and the server share stored by the server host.

The system and method disclosed by the present invention differ from the prior art in that the fair host assigns X coordinates and level values to the client host and the server host, and after a password is set on the client host, the client host and the server host execute a distributed key generation function based on secure multi-party computation to generate, from the password, the X coordinates and the level values, shares corresponding to the password, which are stored on the server host. When the threshold signature is executed, the password only needs to be entered on the client host to regenerate the share corresponding to the password there, and the threshold signature is executed jointly with the share stored on the server host.

Through the above technical means, the present invention achieves the technical effect of improving the transaction security and management convenience of blockchain wallets without ever generating the private key.

Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented.

Before describing the disclosed password-based threshold signature system and method, the application environment is explained. The present invention is applied in a blockchain network whose nodes can perform secure multi-party computation, exchanging data and computation results with one another in order to execute a threshold signature. Next, the terms defined by the present invention are explained. The first hash function is a function that generates an element of an elliptic curve group from a string or byte array; the second hash function is a function that generates an integer from a string or byte array. A share is an element generated when different nodes exchange data and computation results during secure multi-party computation; such elements can be used to compute a signature in the format of the Elliptic Curve Digital Signature Algorithm (ECDSA). A share generated from the password is called the "password share", a share held by the client host is called the "client share", and a share held by the server host is called the "server share".

The password-based threshold signature system and method of the present invention are further described below with reference to the drawings. Referring first to Fig. 1, a block diagram of the password-based threshold signature system of the present invention, the system is applied in a blockchain network 100 comprising a plurality of nodes and includes a fair host 110, a client host 120 and a server host 130. The fair host 110, as one of the nodes, assigns different X coordinates and level values to the nodes in advance. For example, the fair host 110 may assign the client host 120 an X coordinate of 3 and a level value of 0, and assign the server host 130 an X coordinate of 5 and a level value of 0. In addition, the client host 120 and the server host 130 may perform two-factor authentication (2FA) to verify the identity of the transacting party, further increasing transaction security.

The client host 120, as one of the nodes, receives the X coordinate and level value assigned by the fair host 110 and comprises a first generation module 121, a second generation module 122 and a first computation module 123. The first generation module 121 allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate a P value, and transmits it. For example, if the user enters the password "password" and the randomly chosen b value is 8, the P value is computed as "Hash(password) * 8", where "Hash()" denotes the first hash function and "Hash(password)" is a point on the elliptic curve.

The second generation module 122, connected to the first generation module 121, receives the V value from the server host 130 and feeds the password, the P value and the product of the inverse of the b value and the V value into the second hash function; the resulting integer is the password share held by the client host and corresponding to the password. Whereas the first generation module 121 uses the first hash function, the second generation module 122 uses the second hash function to compute the share corresponding to the password (the password share "share-pw"). That is, the password share is computed as "Hash'(password, P, 8^(-1) * V)", where "Hash'()" is the second hash function, "password" is the password, "P" is the P value, "8^(-1)" is the inverse of the b value, and "V" is the V value received from the server host 130. In practice, the client host 120 can also receive the public key from the server host 130 and use it to encrypt its own password, so that the encrypted password can be stored on a cloud drive as a backup. Then, if the user forgets the password, the user can request the corresponding private key from the server host 130 to decrypt the backup and recover the password.

The first computation module 123, connected to the second generation module 122, executes a distributed key generation function based on secure multi-party computation, feeding the t value and n value of the threshold signature and the level value of the client host into the distributed key generation function to generate the client share of the client host and the corresponding threshold signature public key, where the client share equals the password share. In practice, the t value of the threshold signature is the threshold and the n value is the total number of nodes participating in the signing computation. For example, when the nodes participating in the threshold signature are the client host 120 and the server host 130, n is 2 because there are only two hosts. When t is 2, at least two hosts holding matching shares (in this example, the client host 120 and the server host 130) are required to complete the signature.

Next, the server host 130, as one of the nodes, receives the X coordinate and level value assigned by the fair host 110 and comprises a key module 131, a second computation module 132 and a storage module 133. After receiving the P value, the key module 131 generates an asymmetric private key and its corresponding public key, chooses a k value at random, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host. The k value is chosen at random in the same way that the client host 120 chooses the b value. Assuming k is 100, the P value received from the client host 120 is multiplied by k to obtain the V value, that is, "V = 100 * P", and the generated public key and the V value are then transmitted to the client host 120.

The second computation module 132 executes the distributed key generation function based on secure multi-party computation, feeding the t value and n value of the threshold signature and the level value of the server host into the distributed key generation function to generate the server share of the server host, corresponding to the threshold signature public key. In practice, the t value, the n value and the level value of the server host are fed into the distributed key generation function mainly in order to select a suitable first polynomial. Specifically, the distributed key generation function executed with secure multi-party computation comprises the following steps:

1. The client host 120 and the server host 130 exchange their X coordinates. Assuming the X coordinate of the client host 120 is 3 and that of the server host 130 is 5, after the exchange the client host 120 knows the X coordinate of the server host 130 and, likewise, the server host 130 knows the X coordinate of the client host 120.

2. The client host 120 randomly selects a first polynomial according to the t value, the n value and its level value, and the server host randomly selects a second polynomial according to the t value, the n value and its level value; the highest degree of the first and second polynomials is t minus 1. The X coordinate of the client host 120 is substituted into the first polynomial and the second polynomial to compute a first polynomial value and a second polynomial value respectively (that is, the client host 120 substitutes its own X coordinate into the first polynomial, and the server host 130 substitutes the X coordinate of the client host 120 into the first polynomial). The randomly selected first polynomial must satisfy that the first polynomial value equals the password share, and the randomly selected second polynomial must satisfy that the second polynomial value is zero. In other words, if the first polynomial is "f_user(x)" and the second polynomial is "f_server(x)", then "f_user(3) = share-pw" and "f_server(3) = 0".

3. The client host 120 and the server host 130 each substitute their own X coordinate into the polynomial they selected (the first or the second polynomial) to compute a corresponding third polynomial value, and substitute the other party's X coordinate into their own polynomial to compute a corresponding fourth polynomial value; the client host 120 transmits its computed fourth polynomial value "f_user(5)" to the server host 130. Note that, because the second polynomial must evaluate to zero at that point, the value the server host 130 would transmit is always zero. Therefore, in this step the server host 130 need not transmit the known value zero to the client host 120; only the client host 120 transmits "f_user(5)" to the server host 130. In the above example, the client host 120 obtains "f_user(3)", while the server host obtains "f_user(5)" and "f_server(5)". That is, the third polynomial value is the value obtained by substituting one's own X coordinate into one's own polynomial: the client host 120 obtains the third polynomial value "f_user(3)" and the server host 130 obtains the third polynomial value "f_server(5)". The fourth polynomial value is the value obtained by substituting the other party's X coordinate into one's own polynomial: the server host 130 obtains the fourth polynomial value "f_server(3)" and the client host 120 obtains the fourth polynomial value "f_user(5)".

4. The client host 120 and the server host 130 each substitute zero into their own polynomial (the first or the second polynomial) to compute a corresponding fifth polynomial value, multiply that fifth polynomial value by the base point "G" of the elliptic curve group to compute a corresponding exchange value, generate zero-knowledge proofs corresponding to the password share and the server share, and exchange these with each other. For example, the client host 120 computes "f_user(0) * G" and the server host 130 computes "f_server(0) * G"; after the exchange, the client host 120 holds "f_server(0) * G" and the server host 130 holds "f_user(0) * G". At this point the client host 120 holds "f_user(3)" and "f_server(0) * G", and the server host 130 holds "f_user(5)", "f_server(5)" and "f_user(0) * G".

5. The client host 120 sets the third polynomial value it computed as the client share, and the server host 130 adds the third polynomial value it computed to the fourth polynomial value it received to compute the corresponding server share. The zero-knowledge proofs are verified, and the threshold signature public key corresponding to the client share and the server share is computed from the exchange values and the Birkhoff coefficients of the client host 120 and the server host 130. For example, the client host 120 sets "f_user(3)" as the client share, which equals the password share "share-pw", while the server host 130 adds "f_user(5)" and "f_server(5)" to obtain the server share "s_server". The public key is computed as "b_user * f_user(0) * G + b_server * f_server(0) * G", where b denotes the Birkhoff coefficient.

The storage module 133 is connected to the key module 131 and the second operation module 132 and stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host 130 and the client host 120. In practice, the storage module 133 can be implemented with a hard disk, an optical disc, non-volatile memory, a database, and the like.

It should be added that, since the client host 120 does not need to store any data, when the client host 120 and the server host 130 execute a threshold signature, the client host 120 prompts for the password and randomly selects a new b value, multiplies the value obtained by substituting the entered password into the first hash function by the newly selected b value to regenerate the P value, and transmits the regenerated P value to the server host 130, so that the server host 130 recomputes the V value and transmits it to the client host 120; the client host 120 then substitutes the password, the regenerated P value, and the product of the inverse of the newly selected b value and the recomputed V value into the second hash function to regenerate the client share of the client host 120, and the threshold signature on the transaction hash message is executed with the client share regenerated by the client host 120 and the server share stored by the server host 130.

It should be noted that, in practice, the modules described in the present invention can be implemented in various ways, including software, hardware or any combination thereof. For example, in some embodiments each module may be implemented with software, hardware or either of them; in addition, the present invention may also be implemented partially or entirely in hardware, for example, one or more modules of the system may be implemented with integrated circuit chips, a system on chip (System on Chip, SoC), a complex programmable logic device (Complex Programmable Logic Device, CPLD), a field programmable gate array (Field Programmable Gate Array, FPGA) and so on. The present invention may be a system, a method and/or a computer program. The computer program may include a computer-readable storage medium carrying computer-readable program instructions for causing a processor to implement the various aspects of the present invention; the computer-readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer-readable storage medium may be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer-readable storage media include: hard disks, random access memory, read-only memory, flash memory, optical discs, floppy disks, and any suitable combination of the foregoing. A computer-readable storage medium as used herein is not to be construed as a transient signal per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (for example, optical signals through a fiber-optic cable), or electrical signals transmitted through a wire. In addition, the computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to the respective computing/processing devices, or downloaded to an external computer device or external storage device over a network, for example the Internet, a local area network, a wide area network and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. A network card or network interface in each computing/processing device receives the computer-readable program instructions from the network and forwards them for storage in the computer-readable storage medium of the respective computing/processing device. The computer program instructions for carrying out the operations of the present invention may be assembly language instructions, instruction set architecture instructions, machine instructions, machine-dependent instructions, microinstructions, firmware instructions, or source code or object code (Object Code) written in any combination of one or more programming languages, including object-oriented programming languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, and conventional procedural (Procedural) programming languages such as the C language or similar programming languages. The computer program instructions may execute entirely on a computer, partly on a computer, as a stand-alone piece of software, partly on a client computer and partly on a remote computer, or entirely on a remote computer or server.

Please refer to "Fig. 2A" and "Fig. 2B", which are flow charts of the threshold signature method based on an entered password according to the present invention, applied in a blockchain network 100 comprising a plurality of nodes. Its steps include: providing a fair host 110, a client host 120 and a server host 130 as nodes of the blockchain network 100, the client host 120 and the server host 130 both being pre-assigned a corresponding X coordinate and level value by the fair host 110 (step 211); the client host 120 allowing a password to be entered and randomly selecting a b value, multiplying the value obtained by substituting the password into a first hash function by the b value to generate a P value, and transmitting this P value to the server host 130 (step 212); the server host 130, after receiving the P value, generating an asymmetric private key and its corresponding public key, randomly selecting a k value, taking the product of the k value and the P value as a V value, and transmitting the public key and the V value to the client host 120 (step 213); the client host 120, after receiving the V value, substituting the password, the P value, and the product of the inverse of the b value and the V value into a second hash function to compute an integer value that serves as the password share held by the client host 120 and corresponding to the password (step 214); the client host 120 and the server host 130 executing a distributed key generation function by secure multi-party computation, substituting the t value and n value of the threshold signature and their respective level values into the distributed key generation function to generate the client share of the client host 120 and the server share of the server host 130, where the client share equals the password share, and generating the threshold signature public key corresponding to the client share and the server share (step 215); the server host 130 storing the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host 130 and the client host 120 (step 216); and, when a threshold signature is executed, the client host 120 prompting for the password and randomly selecting a new b value, multiplying the value obtained by substituting the entered password into the first hash function by the newly selected b value to regenerate the P value, and transmitting the regenerated P value to the server host 130, so that the server host 130 recomputes the V value and transmits it to the client host 120, after which the client host 120 substitutes the password, the regenerated P value, and the product of the inverse of the newly selected b value and the recomputed V value into the second hash function to regenerate the client share of the client host 120, and the threshold signature on the transaction hash message is executed with the client share regenerated by the client host 120 and the server share stored by the server host 130 (step 217). Through the above steps, the fair host 110 assigns X coordinates and level values to the client host 120 and the server host 130, and after a password has been set on the client host 120, the client host 120 and the server host 130 execute the distributed key generation function based on secure multi-party computation to generate the share corresponding to the password from the password, the X coordinates and the level values and store it in the server host 130; when a threshold signature is executed, entering the password on the client host 120 is sufficient to regenerate the share corresponding to the password on the client host 120 and to execute the threshold signature together with the share stored in the server host 130.

The following description is given by way of an embodiment with reference to "Fig. 3" and "Fig. 4". Please refer to "Fig. 3", which is a schematic diagram of applying the present invention to setting a password on the client host and entering that password to sign. Initially, the fair host 110 assigns to each node participating in the computation an X coordinate and its corresponding level value; for example, the client host 120 is assigned the X coordinate 3 with level value 0, and the server host 130 is assigned the X coordinate 5 with level value 0.

The client host 120 allows the user to enter a custom password in the input block 310 of the generation window 300 to generate the corresponding share. When the user clicks the generate-share button 320, the client host 120 randomly selects a value (i.e. the b value), for example 8. The client host then computes the P value, e.g. "P = Hash(password) * 8", where "password" is the password the user entered in the input block 310 and "Hash( )" is the first hash function: the P value is obtained by applying the first hash function to the password and multiplying the result by the b value. After computing the P value, the client host 120 transmits it to the server host 130, which generates an asymmetric private key and its corresponding public key, randomly selects a k value, and takes the product of this k value and the P value as the V value. For example, assuming the k value is 100, the V value is computed as "V = 100 * P". The public key and the V value are then transmitted to the client host.

When the client host 120 receives the V value from the server host 130, it executes the second hash function over the password, the P value, and the product of the inverse of the b value and the received V value to generate an integer value as its own share. For example, the computation is "share-pw = Hash'(pw, P, 8^-1 * V)", where "share-pw" denotes the share corresponding to the password (i.e. the password share), "Hash'()" denotes another hash function (i.e. the second hash function), "pw" denotes the entered password, "P" denotes the P value, "8^-1" denotes the inverse of the b value, and "V" denotes the V value. In practice, the password can be encrypted with the public key provided by the server host 130 and stored off-site (e.g. on a cloud drive) as a backup.

Next, the client host 120 randomly selects a polynomial (i.e. the first polynomial "f_user(x)") whose highest degree is the threshold of the threshold signature (i.e. the t value) minus 1. For example, if the threshold is "2", the highest degree of the first polynomial is "1", meaning the first polynomial is a polynomial of degree one. In addition, the polynomial value obtained by substituting the X coordinate into this first polynomial (i.e. the first polynomial value) must equal the password share; taking the X coordinate 3 as an example, the first polynomial satisfies "f_user(3) = share-pw". Likewise, the server host 130 randomly selects a polynomial (i.e. the second polynomial "f_server(x)") whose highest degree is also the threshold minus 1, and which satisfies that the polynomial value obtained by substituting the X coordinate of the client host 120 into the second polynomial (i.e. the second polynomial value) is zero; again taking the X coordinate 3 as an example, this means "f_server(3) = 0".

Next, the client host 120 and the server host 130 each substitute their own X coordinate into the polynomial they selected (i.e. the third polynomial value), execute secure multi-party computation to exchange their X coordinates so that each can substitute the other party's X coordinate into its own polynomial (i.e. the fourth polynomial value), and also substitute the value zero into their own polynomial (i.e. the fifth polynomial value); they then multiply the fifth polynomial value by the base point "G" of the elliptic curve group to compute the exchange values (i.e. "f_user(0) * G" and "f_server(0) * G"), generate the zero-knowledge proofs corresponding to the password share and the server share, and exchange them with each other. In this example, after executing secure multi-party computation the client host 120 holds "f_user(3)" and "f_server(0) * G", and the server host 130 holds "f_user(5)", "f_server(5)" and "f_user(0) * G".

Once the client host 120 holds the third polynomial value and the exchange value, and the server host 130 holds the third polynomial value, the fourth polynomial value and the exchange value, the client host 120 sets the third polynomial value as the client share, the server host 130 adds the third polynomial value to the received fourth polynomial value to compute the corresponding server share, and the client host 120 and the server host 130 verify the zero-knowledge proofs and compute, from the exchange values and the Birkhoff coefficients, the public key corresponding to the shares (i.e. the threshold signature public key). For example, the share computed by the client host 120 (i.e. the client share) is "f_user(3)"; the share computed by the server host 130 (i.e. the server share) is "f_user(5) + f_server(5)"; and the threshold signature public key is "b_user * f_user(0) * G + b_server * f_server(0) * G", where "b_user" and "b_server" denote the Birkhoff coefficients.

At this point, the server host 130 stores its share "s_server", the k value, the threshold signature public key, the private key used to decrypt the password, and all X coordinates with their corresponding level values, while the client host 120 does not need to store any data; in practice, it may also send its password, encrypted with the public key, to the cloud as a backup. The server host 130 thus holds a share corresponding to the password, i.e. the server share, and can jointly sign a transaction hash message whenever the client host 120 also holds the client share corresponding to the password.

When the client host 120 is to perform a threshold signature with the server host 130, the client host 120 displays a signature window 350 prompting the user to enter the previously set password in the input block 360. When the user enters the password and clicks the signature element 370, the client host 120 randomly selects a new b value, for example 10. The client host then substitutes the password entered in the input block 360 into the first hash function and multiplies the result by the newly selected b value to regenerate the P value (i.e. "P = Hash(password) * 10"), and transmits the regenerated P value to the server host 130, so that the server host 130 recomputes the V value from the k value (assumed to be 100 in the example above) and the received P value (i.e. "V = 100 * P"). Next, besides transmitting the recomputed V value to the client host 120, the server host 130 may also transmit the stored X coordinate of the client host 120 (x_user) and the threshold signature public key to the client host 120.

When the client host 120 receives the recomputed V value from the server host 130, it substitutes the password, the regenerated P value, the newly selected b value and the V value recomputed by the server host 130 into the second hash function to regenerate the share of the client host 120 (i.e. the client share). The client host 120 can then use the regenerated share, together with the share corresponding to this password stored on the server host 130, i.e. the server share "s_server", to execute secure multi-party computation and produce a threshold signature on the transaction hash message.
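The setup and signing exchange just described, as an added example that is not part of the patent: a toy Python model of the password-derived share (steps 212 to 214), the two-party DKG with the page's constraints f_user(3) = share-pw and f_server(3) = 0 (step 215), and the regeneration of the client share from the password alone (step 217), with constructed parameters (a small safe-prime group standing in for the elliptic curve, X coordinates 3 and 5, k = 100). One choice made here that the page does not spell out: the second hash is taken over the password and b^-1 * V only, because P changes with every fresh b while the regenerated share has to equal the original one.

```python
import hashlib
import secrets

# Toy group (constructed for this example, far too small for real use): scalars live in
# Z_Q, and "x * G" is modelled as G**x in the order-Q subgroup of Z_P_MOD*.
P_MOD = 2039              # safe prime, P_MOD = 2*Q + 1
Q = 1019                  # prime order of the subgroup
G = 4                     # generator of that subgroup, standing in for the base point "G"
X_USER, X_SERVER = 3, 5   # X coordinates assigned by the fair host (values used on the page)


def to_group(scalar: int) -> int:
    """Model of 'scalar * G'."""
    return pow(G, scalar % Q, P_MOD)

def hash1(password: str) -> int:
    """First hash function: password -> non-zero scalar in Z_Q."""
    digest = hashlib.sha256(b"hash1|" + password.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def hash2(password: str, unblinded: int) -> int:
    """Second hash function over (pw, b^-1 * V). P is deliberately not an input here:
    it changes with every fresh b, but the regenerated share must match the original."""
    material = f"hash2|{password}|{unblinded}".encode()
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % Q

def client_blind(password: str, b: int) -> int:
    """Step 212: P = Hash(password) * b. The server only ever sees P."""
    return hash1(password) * b % Q

def server_evaluate(p_val: int, k: int) -> int:
    """Step 213: V = k * P, using the server's stored k value."""
    return k * p_val % Q

def client_unblind(password: str, b: int, v_val: int) -> int:
    """Step 214: share-pw = Hash'(pw, b^-1 * V), and b^-1 * V = k * Hash(pw)."""
    unblinded = pow(b, -1, Q) * v_val % Q
    return hash2(password, unblinded)

def password_share(password: str, k: int) -> int:
    """Whole exchange with a fresh random b; the result depends only on (pw, k)."""
    b = secrets.randbelow(Q - 1) + 1
    p_val = client_blind(password, b)
    v_val = server_evaluate(p_val, k)
    return client_unblind(password, b, v_val)

def poly_eval(coeffs: list, x: int) -> int:
    """Evaluate c0 + c1*x + ... (mod Q); coeffs[0] is f(0)."""
    return sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q

def random_poly_through(x0: int, y0: int, degree: int) -> list:
    """Random polynomial of the given degree over Z_Q with f(x0) = y0."""
    coeffs = [secrets.randbelow(Q) for _ in range(degree + 1)]
    coeffs[0] = (y0 - poly_eval([0] + coeffs[1:], x0)) % Q   # fix the constant term
    return coeffs

def birkhoff_coeffs_level0(xs: list) -> list:
    """Birkhoff coefficients at level 0 reduce to Lagrange coefficients at x = 0."""
    out = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        out.append(num * pow(den, -1, Q) % Q)
    return out

def dkg(share_pw: int, t: int = 2) -> dict:
    """Step 215: f_user(X_USER) = share-pw and f_server(X_USER) = 0, both of degree t-1."""
    f_user = random_poly_through(X_USER, share_pw, t - 1)
    f_server = random_poly_through(X_USER, 0, t - 1)
    # exchanged: f_user(X_SERVER) goes to the server; the f(0)*G commitments go both ways
    commit_user, commit_server = to_group(f_user[0]), to_group(f_server[0])
    s_user = poly_eval(f_user, X_USER)                                     # == share_pw
    s_server = (poly_eval(f_user, X_SERVER) + poly_eval(f_server, X_SERVER)) % Q
    pubkey = commit_user * commit_server % P_MOD         # (f_user(0) + f_server(0)) * G
    return {"s_user": s_user, "s_server": s_server, "pubkey": pubkey}

def reconstruct_secret(s_user: int, s_server: int) -> int:
    """What the two shares jointly determine: b_user*s_user + b_server*s_server (t = 2)."""
    b_user, b_server = birkhoff_coeffs_level0([X_USER, X_SERVER])
    return (b_user * s_user + b_server * s_server) % Q


if __name__ == "__main__":
    share_pw = password_share("correct horse", 100)
    out = dkg(share_pw)
    assert to_group(reconstruct_secret(out["s_user"], out["s_server"])) == out["pubkey"]
    assert password_share("correct horse", 100) == out["s_user"]   # step 217 regeneration
    print("setup, reconstruction and regeneration checks passed")
```

The private key never exists anywhere: the server sees only the blinded P, and the client's share is recomputed on demand from the password and the server's k.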

As illustrated in "Fig. 4", which is a schematic diagram of applying the present invention to changing the password on the client host and the corresponding client share and server share, in practice the client host 120 and the server host 130 are allowed to execute a password change function based on secure multi-party computation, which replaces the old password with a new one. For example, when the user wants to change the password, the client host 120 allows the old password and the new password to be entered in the password change window 400, e.g. the old password in the input block 410 and the new password in the input block 420. After the user clicks the confirm element 430, the client host 120 randomly selects two values, the b1 value and the b2 value. Assuming the values 10 and 8 are selected, the client host 120 substitutes the old password and the new password into the first hash function to compute the old P value (i.e. "P_old = Hash(password_old) * 10") and the new P value (i.e. "P_new = Hash(password_new) * 8"), and transmits the results to the server host 130.

The server host 130 then computes the old V value (V_old = 100 * P_old) from the client host 120's old k value "k_old" (assumed to be 100 in the example above) and the old P value, and randomly generates a new k value "k_new" (assume 200) to compute the new V value (V_new = 200 * P_new) from the new P value and the new k value. It then transmits the old V value, the new V value and the public key to the client host 120.

Next, after the client host 120 receives the old V value and the new V value, it substitutes the old password, the old P value, and the product of the inverse of the b1 value "10" and the old V value into the second hash function to compute the old share (i.e. "share-pw_old = Hash'(pw_old, P_old, 10^-1 * V_old)"), and substitutes the new password, the new P value, and the product of the inverse of the b2 value "8" and the new V value into the second hash function to compute the new share (i.e. "share-pw_new = Hash'(pw_new, P_new, 8^-1 * V_new)").

Next, the client host 120 randomly selects a polynomial of degree t-1, "f_user(x) = ((share-pw_new - b_user * share-pw_old) / 3) * (x - 3) + share-pw_new". Similarly, the server host 130 randomly selects a polynomial of degree t-1, "f_server(x) = -((b_server * s_server) / 3) * (x - 3)", where "t" is the t value, also called the threshold. Then the client host 120 and the server host 130 each substitute the other party's X coordinate into their own polynomial (i.e. the fourth polynomial value), also substitute the value zero into their own polynomial (i.e. the fifth polynomial value), multiply the fifth polynomial value by the base point "G" of the elliptic curve group to compute the corresponding exchange values (i.e. "f_user(0) * G" and "f_server(0) * G"), and exchange the computed fourth polynomial values and exchange values; the client also transmits the product of the share corresponding to the old password and the base point "G" (i.e. "share-pw_old * G") to the server host 130. The client generates zero-knowledge proofs of "share-pw_old" and "share-pw_new", and the server generates a zero-knowledge proof of "s_server", to ensure that each party knows its own secrets, namely "share-pw_old", "share-pw_new" and "s_server" (the standard Schnorr protocol can be used for this purpose). In this example, after executing secure multi-party computation the client host 120 holds "f_user(3)" and "f_server(0) * G" together with the two zero-knowledge proofs of "share-pw_old" and "share-pw_new"; the server host 130 holds "f_user(5)", "f_server(5)", "f_user(0) * G" and "share-pw_old * G" together with the zero-knowledge proof of "s_server".

After the client host 120 and the server host 130 obtain the above results, the client host 120 sets "f_user(3)" as the new share corresponding to the new password, i.e. the new client share "share-pw_new", and the server host 130 adds "f_user(5)" and "f_server(5)" to compute its new share, i.e. the new server share "s_server-new". At the same time, the client host 120 and the server host 130 compute a new threshold signature public key (i.e. the new threshold signature public key) as "b_user * f_user(0) * G + b_server * f_server(0) * G", where "b_user" and "b_server" are the Birkhoff coefficients of the client host 120 and the server host 130 respectively. The threshold signature public key can be verified by comparing the values "b1 * share-pw_old * G + b2 * s_server * G" and "b1 * share-pw_new * G + b2 * s_server-new * G", where "b1" and "b2" are the corresponding computable Birkhoff coefficients, and by each party verifying the zero-knowledge proof it received. As a result, as long as nobody knows both shares of the client host 120 and the server host 130 at the same time, replacing the password invalidates any single share that was previously held.

In other words, the password change function that the client host 120 and the server host 130 may execute based on secure multi-party computation can comprise the following steps:

1. The client host 120 prompts for the password and the new password, randomly selects a b1 value and a b2 value, substitutes the password into the first hash function and multiplies the result by the b1 value to compute the old P value, substitutes the new password into the first hash function and multiplies the result by the b2 value to compute the new P value, and transmits the old P value and the new P value to the server host 130.

2. The server host 130 multiplies the k value by the old P value to compute the old V value, multiplies a randomly generated new k value by the new P value to compute the new V value, and transmits the old V value, the new V value and the public key to the client host 120.

3. The client host 120 substitutes the password, the old P value, and the product of the inverse of the b1 value and the old V value into the second hash function to compute the old password share, and substitutes the new password, the new P value, and the product of the inverse of the b2 value and the new V value into the second hash function to compute the new password share.

4. The client host 120 and the server host 130 substitute the old password share, the new password share, the t value and n value of the threshold signature, and their respective level values into the distributed key generation function to generate the new client share of the client host 120 and the new server share of the server host 130, replace the original server share with the new server share, and generate the new threshold signature public key corresponding to the new client share and the new server share.
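The password change described in the steps above, as an added example that is not the patent's code: the same toy group as before (constructed parameters, X coordinates 3 and 5), the page's refresh polynomials f_user(x) and f_server(x) written out, Schnorr proofs of knowledge for share-pw_old, share-pw_new and s_server, and the check that the new shares reconstruct the unchanged public key while the old client share combined with the new server share does not. The coefficients b_user = 5/2 and b_server = -3/2 are the level-0 Birkhoff (Lagrange) coefficients for the X coordinates 3 and 5; the old and new password shares and the server share are taken as given inputs.

```python
import hashlib
import secrets

# Toy group (constructed; not secure): scalars in Z_Q, "x * G" modelled as G**x in the
# order-Q subgroup of Z_P_MOD*.
P_MOD, Q, G = 2039, 1019, 4
X_USER, X_SERVER = 3, 5
# Level-0 Birkhoff coefficients for x = 3 and x = 5 are the Lagrange coefficients at
# x = 0: b_user = 5/2 and b_server = -3/2 (mod Q).
B_USER = 5 * pow(2, -1, Q) % Q
B_SERVER = (-3) * pow(2, -1, Q) % Q


def to_group(scalar: int) -> int:
    return pow(G, scalar % Q, P_MOD)

def challenge(*parts) -> int:
    """Fiat-Shamir challenge over the proof transcript."""
    material = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % Q

def schnorr_prove(secret: int, label: str) -> tuple:
    """Standard Schnorr proof of knowledge of `secret` behind the commitment secret * G."""
    r = secrets.randbelow(Q - 1) + 1
    commit, nonce = to_group(secret), to_group(r)
    c = challenge(label, commit, nonce)
    return commit, nonce, (r + c * secret) % Q

def schnorr_verify(proof: tuple, label: str) -> bool:
    commit, nonce, z = proof
    c = challenge(label, commit, nonce)
    return to_group(z) == nonce * pow(commit, c, P_MOD) % P_MOD

def refresh_polys(share_pw_old: int, share_pw_new: int, s_server: int) -> tuple:
    """The page's degree-1 polynomials (t = 2) as (constant, slope) pairs:
    f_user(x)   = ((share-pw_new - b_user*share-pw_old) / 3) * (x - 3) + share-pw_new
    f_server(x) = -((b_server * s_server) / 3) * (x - 3)
    so f_user(3) = share-pw_new, f_server(3) = 0 and f_user(0) + f_server(0) is the old key."""
    inv3 = pow(3, -1, Q)
    slope_u = (share_pw_new - B_USER * share_pw_old) * inv3 % Q
    slope_s = -(B_SERVER * s_server) * inv3 % Q
    f_user = ((share_pw_new - slope_u * 3) % Q, slope_u)
    f_server = ((-slope_s * 3) % Q, slope_s)
    return f_user, f_server

def evaluate(poly: tuple, x: int) -> int:
    c0, c1 = poly
    return (c0 + c1 * x) % Q

def change_password(share_pw_old: int, share_pw_new: int, s_server: int) -> dict:
    """Step 4 of the password change: new shares, new public key, and the proofs."""
    f_user, f_server = refresh_polys(share_pw_old, share_pw_new, s_server)
    # each side proves it knows the secrets it claims (client: old and new password
    # shares; server: its current share) before the refreshed values are accepted
    secrets_by_label = {"share-pw_old": share_pw_old, "share-pw_new": share_pw_new,
                        "s_server": s_server}
    proofs = {label: schnorr_prove(sec, label) for label, sec in secrets_by_label.items()}
    proofs_ok = all(schnorr_verify(proof, label) for label, proof in proofs.items())
    new_s_user = evaluate(f_user, X_USER)                                # == share_pw_new
    new_s_server = (evaluate(f_user, X_SERVER) + evaluate(f_server, X_SERVER)) % Q
    new_pubkey = to_group(f_user[0]) * to_group(f_server[0]) % P_MOD
    return {"s_user": new_s_user, "s_server": new_s_server,
            "pubkey": new_pubkey, "proofs_ok": proofs_ok}

def pubkey_from_shares(s_user: int, s_server: int) -> int:
    """The page's check value b1 * s_user * G + b2 * s_server * G."""
    return to_group(B_USER * s_user + B_SERVER * s_server)


if __name__ == "__main__":
    old_client, new_client, old_server = 111, 222, 333      # constructed share values
    res = change_password(old_client, new_client, old_server)
    assert res["proofs_ok"]
    assert res["pubkey"] == pubkey_from_shares(old_client, old_server)   # key unchanged
    assert pubkey_from_shares(new_client, res["s_server"]) == res["pubkey"]
    assert pubkey_from_shares(old_client, res["s_server"]) != res["pubkey"]  # old share dead
    print("password change keeps the public key and invalidates the old client share")
```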

In summary, the present invention differs from the prior art in that a fair host assigns an X coordinate and a level value to the client host and the server host, and after the client host sets a password, the client host and the server host execute a distributed key generation function based on secure multi-party computation to generate, from the password, the X coordinate and the level value, shares corresponding to the password, one of which is stored on the server host. When a threshold signature is executed, entering the password on the client host is enough to regenerate the client's share corresponding to the password, and the threshold signature is then executed jointly with the share stored on the server host. This technical means solves the problems of the prior art and achieves the technical effect of improving the transaction security and management convenience of a blockchain wallet without ever generating the private key.

Although the present invention is disclosed above by way of the foregoing embodiments, these are not intended to limit the present invention. Anyone skilled in the relevant art may make minor changes and refinements without departing from the spirit and scope of the present invention; therefore, the scope of patent protection of the present invention shall be that defined by the claims appended to this specification.

100: blockchain network
110: fair host
120: client host
121: first generation module
122: second generation module
123: first computation module
130: server host
131: key module
132: second computation module
133: storage module
300: generation window
310: input block
320: generate-share button
350: signature window
360: input block
370: signature element
400: change-password window
410, 420: input blocks
430: confirm element
Step 211: Provide a fair host, a client host and a server host as nodes of the blockchain network; the client host and the server host are each pre-assigned a corresponding X coordinate and level value by the fair host
Step 212: The client host accepts a password and randomly selects a b value, multiplies the value computed by feeding the password into a first hash function by the b value to generate a P value, and transmits the P value to the server host
Step 213: After receiving the P value, the server host generates an asymmetric private key and its corresponding public key, randomly selects a k value, takes the product of the k value and the P value as a V value, and transmits the public key and the V value to the client host
Step 214: After receiving the V value, the client host feeds the password, the P value and the product of the inverse of the b value and the V value into a second hash function; the resulting integer is the password share held by the client host and corresponding to the password
Step 215: The client host and the server host execute a distributed key generation function by secure multi-party computation (MPC), feeding the t value and n value of the threshold signature scheme and their respective level values into it to generate a client share for the client host and a server share for the server host, where the client share equals the password share, and to generate a threshold signature public key corresponding to the client share and the server share
Step 216: The server host stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host
Step 217: When a threshold signature is executed, the client host prompts for the password and randomly reselects the b value, multiplies the value computed by feeding the entered password into the first hash function by the reselected b value to regenerate the P value, and transmits the regenerated P value to the server host; the server host recomputes the V value and transmits it to the client host; the client host feeds the password, the regenerated P value and the product of the inverse of the reselected b value and the recomputed V value into the second hash function to regenerate its client share; the client share regenerated by the client host and the server share stored by the server host are then used to execute a threshold signature on a transaction hash message

Fig. 1 is a system block diagram of the password-input-based threshold signature system of the present invention. Figs. 2A and 2B are flow charts of the password-input-based threshold signature method of the present invention. Fig. 3 is a schematic diagram of applying the present invention to set a password on the client host and enter the password for signing. Fig. 4 is a schematic diagram of applying the present invention to change the password on the client host and the corresponding client share and server share.


Claims (10)

1. A threshold signature system based on an input password, applied in a blockchain network comprising a plurality of nodes, the system comprising:
a fair host, being one of the nodes, for pre-assigning a different X coordinate and level value to each of the nodes;
a client host, being one of the nodes, for receiving the X coordinate and the level value assigned by the fair host, the client host comprising:
a first generation module for accepting a password and randomly selecting a b value, multiplying the value computed by feeding the password into a first hash function by the b value to generate a P value, and transmitting the P value;
a second generation module, connected to the first generation module, for receiving a V value and feeding the password, the P value and the product of the inverse of the b value and the V value into a second hash function, the resulting integer being a password share held by the client host and corresponding to the password; and
a first computation module, connected to the second generation module, for executing a distributed key generation function based on secure multi-party computation (MPC), feeding a t value and an n value of the threshold signature scheme and the level value of the client host into the distributed key generation function to generate a client share of the client host and a corresponding threshold signature public key, wherein the client share equals the password share; and
a server host, being one of the nodes, for receiving the X coordinate and the level value assigned by the fair host, the server host comprising:
a key module for generating an asymmetric private key and its corresponding public key after receiving the P value, randomly selecting a k value, taking the product of the k value and the P value as the V value, and transmitting the public key and the V value to the client host;
a second computation module for executing the distributed key generation function based on secure multi-party computation, feeding the t value and the n value of the threshold signature scheme and the level value of the server host into the distributed key generation function to generate a server share of the server host corresponding to the threshold signature public key; and
a storage module, connected to the key module and the second computation module, for storing the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host;
wherein, when the client host and the server host execute a threshold signature, the client host prompts for the password and randomly reselects the b value, multiplies the value computed by feeding the entered password into the first hash function by the reselected b value to regenerate the P value, and transmits the regenerated P value to the server host, so that the server host recomputes the V value and transmits it to the client host; the client host then feeds the password, the regenerated P value and the product of the inverse of the reselected b value and the recomputed V value into the second hash function to regenerate the client share of the client host, and a threshold signature is executed on a transaction hash message using the client share regenerated by the client host and the server share stored by the server host.

2. The threshold signature system based on an input password of claim 1, wherein the first hash function generates an element of an elliptic curve group from a string or byte array, and the second hash function generates an integer from a string or byte array.

3. The threshold signature system based on an input password of claim 1, wherein the client host encrypts the password with the received public key and stores it on a cloud drive as a backup; when the password is forgotten, the client host downloads the encrypted password from the cloud drive and receives the private key from the server host to decrypt the encrypted password.
4. The threshold signature system based on an input password of claim 1, wherein the distributed key generation function comprises:
the client host and the server host exchanging their respective X coordinates;
the client host randomly selecting a first polynomial according to the t value, the n value and the level value, and the server host randomly selecting a second polynomial according to the t value, the n value and the level value, the highest degree of the first polynomial and of the second polynomial being the t value minus 1, and the X coordinate of the client host being substituted into the first polynomial and the second polynomial respectively to compute a first polynomial value and a second polynomial value, wherein the randomly selected first polynomial must satisfy that the first polynomial value equals the password share, and the randomly selected second polynomial must satisfy that the second polynomial value equals zero;
the client host and the server host each substituting their own X coordinate into the polynomial they selected (the first polynomial or the second polynomial) to compute a corresponding third polynomial value, and substituting the other party's X coordinate into the polynomial they selected to compute a corresponding fourth polynomial value, the client host transmitting its computed fourth polynomial value to the server host;
the client host and the server host each substituting zero into the polynomial they selected to compute a corresponding fifth polynomial value, multiplying their respective fifth polynomial value by a base point of the elliptic curve group to compute a corresponding exchange value, generating a zero-knowledge proof corresponding to the password share and the server share, and exchanging these with each other; and
the client host setting the third polynomial value it computed as the client share, and the server host adding the third polynomial value it computed to the received fourth polynomial value to compute the corresponding server share, verifying the zero-knowledge proof, and computing, from the exchange values and a Birkhoff coefficient of the client host and the server host, the threshold signature public key corresponding to the client share and the server share.
5. The threshold signature system based on an input password of claim 1, wherein the client host and the server host are permitted to execute a password change function based on secure multi-party computation to replace the password with a new password, the password change function comprising:
the client host prompting for the password and the new password, randomly selecting a b1 value and a b2 value, feeding the password into the first hash function and multiplying by the b1 value to compute an old P value, feeding the new password into the first hash function and multiplying by the b2 value to compute a new P value, and transmitting the old P value and the new P value to the server host;
the server host multiplying the k value by the old P value to compute an old V value, multiplying a randomly generated new k value by the new P value to compute a new V value, and transmitting the old V value, the new V value and the public key to the client host;
the client host feeding the password, the old P value and the product of the inverse of the b1 value and the old V value into the second hash function to compute an old password share, and feeding the new password, the new P value and the product of the inverse of the b2 value and the new V value into the second hash function to compute a new password share; and
the client host and the server host feeding the old password share, the new password share, the t value and the n value of the threshold signature scheme and their respective level values into the distributed key generation function to generate a new client share of the client host and a new server share of the server host, replacing the server share stored in the storage module with the new server share, and generating a new threshold signature public key corresponding to the new client share and the new server share.

6. A threshold signature method based on an input password, applied in a blockchain network comprising a plurality of nodes, the method comprising the steps of:
providing a fair host, a client host and a server host as the nodes of the blockchain network, the client host and the server host each being pre-assigned a corresponding X coordinate and level value by the fair host;
the client host accepting a password and randomly selecting a b value, multiplying the value computed by feeding the password into a first hash function by the b value to generate a P value, and transmitting the P value to the server host;
the server host, after receiving the P value, generating an asymmetric private key and its corresponding public key, randomly selecting a k value, taking the product of the k value and the P value as a V value, and transmitting the public key and the V value to the client host;
the client host, after receiving the V value, feeding the password, the P value and the product of the inverse of the b value and the V value into a second hash function, the resulting integer being a password share held by the client host and corresponding to the password;
the client host and the server host executing a distributed key generation function by secure multi-party computation (MPC), feeding a t value and an n value of the threshold signature scheme and their respective level values into the distributed key generation function to generate a client share of the client host and a server share of the server host, wherein the client share equals the password share, and generating a threshold signature public key corresponding to the client share and the server share;
the server host storing the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host; and
when a threshold signature is executed, the client host prompting for the password and randomly reselecting the b value, multiplying the value computed by feeding the entered password into the first hash function by the reselected b value to regenerate the P value, and transmitting the regenerated P value to the server host, so that the server host recomputes the V value and transmits it to the client host; the client host then feeding the password, the regenerated P value and the product of the inverse of the reselected b value and the recomputed V value into the second hash function to regenerate the client share of the client host; and executing a threshold signature on a transaction hash message using the client share regenerated by the client host and the server share stored by the server host.

7. The threshold signature method based on an input password of claim 6, wherein the first hash function generates an element of an elliptic curve group from a string or byte array, and the second hash function generates an integer from a string or byte array.

8. The threshold signature method based on an input password of claim 6, wherein the client host encrypts the password with the received public key and stores it on a cloud drive as a backup; when the password is forgotten, the client host downloads the encrypted password from the cloud drive and receives the private key from the server host to decrypt the encrypted password.
9. The threshold signature method based on an input password of claim 6, wherein the distributed key generation function comprises:
the client host and the server host exchanging their respective X coordinates;
the client host randomly selecting a first polynomial according to the t value, the n value and the level value, and the server host randomly selecting a second polynomial according to the t value, the n value and the level value, the highest degree of the first polynomial and of the second polynomial being the t value minus 1, and the X coordinate of the client host being substituted into the first polynomial and the second polynomial respectively to compute a first polynomial value and a second polynomial value, wherein the randomly selected first polynomial must satisfy that the first polynomial value equals the password share, and the randomly selected second polynomial must satisfy that the second polynomial value equals zero;
the client host and the server host each substituting their own X coordinate into the polynomial they selected (the first polynomial or the second polynomial) to compute a corresponding third polynomial value, and substituting the other party's X coordinate into the polynomial they selected to compute a corresponding fourth polynomial value, the client host transmitting its computed fourth polynomial value to the server host;
the client host and the server host each substituting zero into the polynomial they selected to compute a corresponding fifth polynomial value, multiplying their respective fifth polynomial value by a base point of the elliptic curve group to compute a corresponding exchange value, generating a zero-knowledge proof corresponding to the password share and the server share, and exchanging these with each other; and
the client host setting the third polynomial value it computed as the client share, and the server host adding the third polynomial value it computed to the received fourth polynomial value to compute the corresponding server share, verifying the zero-knowledge proof, and computing, from the exchange values and a Birkhoff coefficient of the client host and the server host, the threshold signature public key corresponding to the client share and the server share.
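Claim 9 (and claim 4, which it repeats for the system) describes a two-party DKG in which the client's polynomial is pinned to the password share at the client's X coordinate and the server's polynomial is pinned to zero there, so the client's share comes out equal to the password share without any polynomial value ever flowing from server to client. The following is an added example, not code from the patent, that runs that construction over the scalar field of a prime-order curve (the group order of secp256k1 is assumed) and computes the Birkhoff coefficients the claim refers to. Two readings are my assumptions, since the claims do not define them: the level value is taken as the derivative order of a hierarchical (Birkhoff) share, a party at level j holding the j-th derivative of the joint polynomial at its X coordinate, and the coefficient for recovering the constant term is obtained by solving the Birkhoff interpolation system modulo the group order. The exchange values, the zero-knowledge proofs and the public key (the constant term times the base point) are left out; the reconstruction at the end exists only to check the shares and is exactly what a wallet built on this scheme must never execute.

```python
# Added example (not from the patent): the two-party DKG of claims 4/9 over the
# scalar field Z_N, with "level" read as the derivative order of a Birkhoff share.
# Assumptions: N is the secp256k1 group order; commitments and proofs are omitted.
import secrets

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def poly_eval(coeffs, x, level=0):
    """Value of the level-th derivative of f(x) = sum(coeffs[i] * x^i) mod N."""
    total = 0
    for i, a in enumerate(coeffs):
        if i < level:
            continue                      # differentiated away
        c = a
        for d in range(level):            # falling factorial i*(i-1)*...*(i-level+1)
            c = c * (i - d) % N
        total = (total + c * pow(x, i - level, N)) % N
    return total


def random_poly_with_value(t, x, level, value):
    """Random polynomial of degree t-1 whose level-th derivative at x equals value.
    Claim 4's first polynomial: value = password share at the client's (x, level);
    its second polynomial: value = 0 at the same point."""
    coeffs = [secrets.randbelow(N) for _ in range(t)]
    coeffs[level] = 0
    fact = 1
    for d in range(1, level + 1):         # the x^level coefficient enters with level!
        fact = fact * d % N
    coeffs[level] = (value - poly_eval(coeffs, x, level)) * pow(fact, -1, N) % N
    return coeffs


def birkhoff_coefficients(points):
    """Weights lam_i with sum(lam_i * s_i) == f(0) for every polynomial f of
    degree < len(points) and shares s_i = f^(level_i)(x_i); points = [(x, level)].
    Raises ValueError when the (x, level) pattern has no unique solution."""
    t = len(points)
    rows = []
    for x, level in points:               # M[i][j] = d^level/dx^level of x^j at x_i
        row = []
        for j in range(t):
            if j < level:
                row.append(0)
                continue
            c = 1
            for d in range(level):
                c = c * (j - d) % N
            row.append(c * pow(x, j - level, N) % N)
        rows.append(row)
    # Solve M^T * lam = e_0 by Gauss-Jordan elimination mod N; lam is then the
    # first row of M^-1, i.e. the Birkhoff coefficients for the constant term.
    A = [[rows[i][j] for i in range(t)] + [1 if j == 0 else 0] for j in range(t)]
    for col in range(t):
        piv = next((r for r in range(col, t) if A[r][col]), None)
        if piv is None:
            raise ValueError("(x, level) pattern is not uniquely interpolable")
        A[col], A[piv] = A[piv], A[col]
        inv = pow(A[col][col], -1, N)
        A[col] = [v * inv % N for v in A[col]]
        for r in range(t):
            if r != col and A[r][col]:
                f = A[r][col]
                A[r] = [(a - f * b) % N for a, b in zip(A[r], A[col])]
    return [A[i][t] for i in range(t)]


def two_party_dkg(t, client, server, password_share):
    """client and server are the (x, level) pairs assigned by the fair host.
    Returns (client_share, server_share, joint_constant); the joint constant
    f1(0) + f2(0) is the never-assembled private key, returned here only for checking."""
    xc, lc = client
    xs, ls = server
    f1 = random_poly_with_value(t, xc, lc, password_share)  # client's polynomial
    f2 = random_poly_with_value(t, xc, lc, 0)               # server's polynomial
    # third value: own x into own polynomial; fourth value: the other's x.
    # Only the client's fourth value (f1 at xs) is sent; f2 at the client's point is 0.
    client_share = poly_eval(f1, xc, lc)
    server_share = (poly_eval(f2, xs, ls) + poly_eval(f1, xs, ls)) % N
    joint_constant = (f1[0] + f2[0]) % N                    # fifth values, summed
    return client_share, server_share, joint_constant


def reconstruct_constant(shares, points):
    """Check only: combine t shares with their Birkhoff coefficients."""
    lams = birkhoff_coefficients(points)
    return sum(l * s for l, s in zip(lams, shares)) % N
```

With both parties at level 0 the coefficients reduce to the Lagrange weights (2 and -1 for X coordinates 1 and 2); with the server at level 1 it holds the linear coefficient of the joint polynomial and the client's weight becomes 1 with the server's -x_client. birkhoff_coefficients raises when the assigned (X, level) pattern has no unique solution, which is the check a deployment should run when the fair host hands out coordinates: with levels above zero, not every assignment is interpolable.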
10. The threshold signature method based on an input password of claim 6, wherein the client host and the server host are permitted to execute a password change function based on secure multi-party computation to replace the password with a new password, the password change function comprising:
the client host prompting for the password and the new password, randomly selecting a b1 value and a b2 value, feeding the password into the first hash function and multiplying by the b1 value to compute an old P value, feeding the new password into the first hash function and multiplying by the b2 value to compute a new P value, and transmitting the old P value and the new P value to the server host;
the server host multiplying the k value by the old P value to compute an old V value, multiplying a randomly generated new k value by the new P value to compute a new V value, and transmitting the old V value, the new V value and the public key to the client host;
the client host feeding the password, the old P value and the product of the inverse of the b1 value and the old V value into the second hash function to compute an old password share, and feeding the new password, the new P value and the product of the inverse of the b2 value and the new V value into the second hash function to compute a new password share; and
the client host and the server host feeding the old password share, the new password share, the t value and the n value of the threshold signature scheme and their respective level values into the distributed key generation function to generate a new client share of the client host and a new server share of the server host, replacing the server share with the new server share, and generating a new threshold signature public key corresponding to the new client share and the new server share.
TW110109070A 2021-03-15 2021-03-15 Threshold signature scheme system based on inputting password and method thereof TWI759138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110109070A TWI759138B (en) 2021-03-15 2021-03-15 Threshold signature scheme system based on inputting password and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110109070A TWI759138B (en) 2021-03-15 2021-03-15 Threshold signature scheme system based on inputting password and method thereof

Publications (2)

Publication Number Publication Date
TWI759138B true TWI759138B (en) 2022-03-21
TW202239173A TW202239173A (en) 2022-10-01

Family

ID=81710883

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110109070A TWI759138B (en) 2021-03-15 2021-03-15 Threshold signature scheme system based on inputting password and method thereof

Country Status (1)

Country Link
TW (1) TWI759138B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI795284B (en) * 2022-05-05 2023-03-01 英屬開曼群島商現代財富控股有限公司 Threshold signature generation system based on garbled circuit and method thereof

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017127238A1 (en) * 2016-01-20 2017-07-27 Mastercard International Incorporated Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography
TW201946412A (en) * 2018-03-02 2019-12-01 安地卡及巴布達商區塊鏈控股有限公司 Computer implemented method and system for transferring control of a digital asset

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Adriano Di Luzio, et al., "Arcula:A Secure Hierarchical Deterministic Wallet for Multi-asset Blockchains", Stevens Institute of Technology, USA, 2019/12/12. *

Also Published As

Publication number Publication date
TW202239173A (en) 2022-10-01

Similar Documents

Publication Publication Date Title
US11601407B2 (en) Fast oblivious transfers
KR102170346B1 (en) Systems and methods for information protection
JP6515246B2 (en) Determination of common secrets for the secure exchange of information and hierarchical and deterministic encryption keys
US11080694B2 (en) System and method for information protection
KR102150814B1 (en) Systems and methods for information protection
JP7065887B2 (en) Methods and systems for establishing reliable peer-to-peer communication between nodes in a blockchain network
KR20200066260A (en) System and method for information protection
TWI821248B (en) Computer implemented method and system for transferring control of a digital asset
TWI813616B (en) Computer implemented method and system for obtaining digitally signed data
JP2022547876A (en) System and method for message signing
TW202029693A (en) Computer implemented system and method for distributing shares of digitally signed data
TWI759138B (en) Threshold signature scheme system based on inputting password and method thereof
TWI701931B (en) Digital signature method with hierarchical mechanism and hardware wallet device suitable therefore
TWI764811B (en) Key generating system for hierarchical deterministic wallet and method thereof
TWI702820B (en) Secret sharing signature system with hierarchical mechanism and method thereof
TWI776416B (en) Threshold signature scheme system for hierarchical deterministic wallet and method thereof
TWI737956B (en) Threshold signature system based on secret sharing and method thereof
TWI689194B (en) Threshold signature system based on secret sharing without dealer and method thereof
TWI799286B (en) Random number generation system for threshold signature scheme and method thereof
TWI694349B (en) Threshold signature system with prevent memory dump and method thereof
TWI782486B (en) Threshold and number of participation adjusting system for threshold signature scheme and method thereof
US11979493B2 (en) Methods and systems to establish trusted peer-to-peer communications between nodes in a blockchain network